CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-13284 – Gutenberg - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2024-048
https://notcve.org/view.php?id=CVE-2024-13284
09 Jan 2025 — Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5. • https://www.drupal.org/sa-contrib-2024-048 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2023-38000 – Auth. Stored Cross-Site Scripting (XSS) vulnerability in WordPress core and Gutenberg plugin via Navigation Links Block
https://notcve.org/view.php?id=CVE-2023-38000
12 Oct 2023 — Auth. Stored (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress core 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.1.3, from 6.0 through 6.0.5, from 5.9 through 5.9.7 and Gutenberg plugin <= 16.8.0 versions. Vulnerabilidad de Coss-Site Scripting (XSS) autenticada (con permisos de colaboradores o superiores) almacenada en WordPress core 6.3 a 6.3.1, de 6.2 a 6.2.2, de 6.1 a 6.1.3, de 6.0 a 6.0.5, de 5.9 a 5.9.7 y versiones del complemento Gutenberg en versiones <= 16.8.0.... • https://patchstack.com/articles/wordpress-core-6-3-2-security-update-technical-advisory?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-33994
https://notcve.org/view.php?id=CVE-2022-33994
30 Jul 2022 — The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. El plugin Gutenberg versiones hasta 13.7.3 para WordPress, ... • https://blog.jitendrapatro.me/cve-2022-33994-stored-xss-in-wordpress • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •